ADACOM Red Alert – 06/03/2023
We have recently investigated a large number of ransomware cyber-attacks carried out through VPN services.
The cyber-attack methodology is as follows:
- Attacking the users or their device in order to obtain their credentials
- Unauthorized access via VPN using stolen credentials
- Lateral movement of the attacker within the organization’s network
- Identifying a vulnerability and exploiting it in order to become a domain administrator
- Installation of malicious tools
- Data extraction and system encryption
To protect against cyber-attacks through the VPN service, we recommend the following protection mechanisms:
- Installation of the latest security patches on firewalls that provide VPN services
- Provision of the VPN service only to users who operationally require it
- VPN access for partners should be provided only through a Privileged Access Management (PAM) solution
- Implementation of user authentication through a Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) solution
- Activation of the passwordless authentication mechanism for the 2FA/MFA solution
- Enabling the Risk-Based Authentication mechanism of the 2FA/MFA solution in order to identify known cyber-attack patterns and high-risk deviations
- Providing VPN access only for valid devices provided by the organization
- Hardening the remote devices used to access the VPN. Examples include:
  - Installation of an endpoint protection solution
  - Installation of an Endpoint Detection and Response (EDR) solution
  - Activation of the personal firewall
  - Management of the device through an MDM solution
  - Installation of all the latest security patches
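The access rules listed above can be checked against VPN logon records to find sessions that do not meet them. The following is an added example, not part of ADACOM's advisory; the event fields, the approved-user list and the sample events are constructed assumptions, not a vendor log format.

```python
"""Audit VPN logon events against the advisory's access rules (added example)."""

# Hypothetical allow-list of users with an operational need for VPN.
VPN_APPROVED = {"alice", "bob", "partner-acme"}
# Hardening controls the advisory lists for remote devices.
HARDENING = ("endpoint_protection", "edr", "personal_firewall", "mdm", "patched")

# Constructed sample events; the field names are assumptions, not a vendor format.
SAMPLE_EVENTS = [
    {"user": "alice", "partner": False, "via_pam": False, "mfa": True,
     "risk": "low", "org_device": True, "controls": set(HARDENING)},
    {"user": "bob", "partner": False, "via_pam": False, "mfa": False,
     "risk": "high", "org_device": False, "controls": {"personal_firewall"}},
    {"user": "partner-acme", "partner": True, "via_pam": False, "mfa": True,
     "risk": "low", "org_device": True, "controls": set(HARDENING)},
    {"user": "carol", "partner": False, "via_pam": False, "mfa": True,
     "risk": "low", "org_device": True, "controls": set(HARDENING)},
]


def violations(event):
    """Return the list of advisory rules a single logon event breaks."""
    found = []
    if event["user"] not in VPN_APPROVED:
        found.append("user has no approved operational need for VPN")
    if event["partner"] and not event["via_pam"]:
        found.append("partner session did not go through PAM")
    if not event["mfa"]:
        found.append("logon completed without 2FA/MFA")
    if event["risk"] == "high":
        found.append("risk-based authentication rated the logon high risk")
    if not event["org_device"]:
        found.append("device was not provided by the organization")
    missing = [c for c in HARDENING if c not in event["controls"]]
    if missing:
        found.append("device missing hardening: " + ", ".join(missing))
    return found


def audit(events):
    """Map each non-compliant user to the rules their logon broke."""
    return {e["user"]: v for e in events if (v := violations(e))}


if __name__ == "__main__":
    for user, broken in audit(SAMPLE_EVENTS).items():
        print(user, "->", "; ".join(broken))
```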
In the event that you become aware of or detect any cyber-attack, please do not hesitate to contact ADACOM’s Cyber-attack Emergency Response Team by phone at +30 210 5193760 or by email at cert@adacom.com